Method, system and smart card reader for management of access to a smart card

ABSTRACT

The described embodiments relate generally to devices, methods and systems for managing access to a memory card, such as a smart card, by a plurality of accessing devices. Certain embodiments relate to a smart card reader (SCR) for managing access to a smart card by a plurality of accessing devices. The SCR comprises: a processor; a channel manager responsive to the processor for interfacing with the smart card; and a communication interface responsive to the channel manager for communicating with the plurality of accessing devices.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation-in-Part of U.S. patent applicationSer. No. 11/622,250, filed Jan. 11, 2007, which claims the benefit ofU.S. Provisional Patent Application No. 60/807,743, filed Jul. 19, 2006,the entire contents of both of which are hereby incorporated byreference.

TECHNICAL FIELD

The described embodiments relate to methods, systems and card readerdevices for management of access to a smart card. In particular, thedescribed embodiments relate to facilitating access to the smart card bymultiple devices.

BACKGROUND

Communication with a smart card requires a session to be opened betweenthe smart card and the application that wishes to communicate with it.The secure nature of a smart card requires that only one session can beopen at any given time. Most smart card readers (SCR) are connected toone system at a time, which allows for its exclusive use by the attachedsystem. Many systems take advantage of this exclusivity by maintainingan open session with the smart card for the duration of the time thesmart card is inserted in the reader.

With some SCRs, it is possible (even likely) that more than oneconnection will exist at a given time. However, if a session is openedby one of the connected systems, it is generally not possible foranother connected system to open the session for its own use until thesystem which currently has the open session decides to close itssession.

This may be the case when both a handheld device and a Personal Computer(PC) are connected to the SCR. When the PC is notified by the SCR that asmart card has been inserted, the PC will typically open the smart cardsession and keep the session open until the connection with the readeris terminated or the smart card is removed from the SCR. Since the smartcard session is always being held open by the PC, the handheld devicecannot initiate a session with the smart card. This prevents thehandheld device user from performing operations such as signing ordecrypting emails, and if the smart card is required for authenticatingthe user for use of the handheld device, the user will not be able tounlock the handheld device.

The described embodiments attempt to address or ameliorate one or moreshortcomings or disadvantages associated with existing techniques formanagement of access to a smart card, or to at least provide a usefulalternative thereto.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are described in further detail below, by way of exampleonly, with reference to the accompanying drawings, in which:

FIG. 1 is a block diagram of a system for accessing a smart card;

FIG. 2 is a block diagram of a smart card reader for use in the systemof FIG. 1;

FIG. 3 is a block diagram of mobile device for use in the system of FIG.1;

FIG. 4 is a flowchart of a method of managing access to a smart card;

FIG. 5 is a flowchart of a further method of managing access to a smartcard;

FIG. 6 is a flowchart of a method of mapping an assumed channel to anassigned channel;

FIG. 7 is a flowchart of a further method of managing access to a smartcard;

FIG. 8 is a flowchart of a method of determining whether a smart cardsupports creation of logical channels;

FIG. 9 is a flowchart of a further method of managing access to a smartcard; and

FIG. 10 is an example screenshot of a user selection window.

DETAILED DESCRIPTION

The described embodiments relate generally to devices, methods andsystems for managing access to a memory card, such as a smart card, by aplurality of accessing devices. Further embodiments relate to computerreadable storage storing computer program instructions for execution bya processor to perform the described methods.

Certain embodiments relate to a card reader device for managing accessto a memory card by a plurality of accessing devices. The card readerdevice comprises: a processor; a wireless communication interfaceresponsive to the processor for communicating with the plurality ofaccessing devices; a memory card interface for enabling communicationbetween the processor and the memory card; wherein, when at least afirst secure session is open between at least a first accessing deviceand the memory card and the card reader device receives an open sessioncommand from a second accessing device, the processor is configured todetermine whether the memory card can support a second secure sessionsimultaneously with at least the first secure session and, if theprocessor determines that the memory card cannot simultaneously supportthe first secure session and the second secure session, to terminate thefirst secure session and to allow the second accessing device to openthe second secure session between the memory card and the secondaccessing device.

The open session command may comprise a MANAGE_CHANNEL command. Thedevice may further comprise a memory, the memory storing a connectiontable, wherein the connection table comprises entries for each sessionestablished between the smart card and a respective accessing device.The connection table may comprise, for each session entry, one or morechannel entries. The memory card interface may comprise a channelmanager and the channel manager may be configured to determine whethermultiple secure sessions can be supported by the memory card.

The processor may be configured to, prior to terminating the firstsecure session, determine all secure sessions established with thememory card and to provide a list of accessing devices corresponding tothe all secure sessions to the second accessing device for display to auser of the second accessing device. The processor may be configured toterminate the first secure session in response to a command receivedfrom the second accessing device corresponding to a user selection ofthe first accessing device from the list. The memory card interface maycomprise a channel manager, wherein the channel manager controls thechannels that can be opened between the smart card and the plurality ofaccessing devices so that the total number of channels is limited to apredetermined number. The processor may be configured to terminate thefirst open session by notifying the first accessing device that thememory card cannot be accessed by the card reader device. The processormay be configured to terminate the first open session by notifying thefirst accessing device that the memory card has been removed from thecard reader device.

The device may further comprise a serial interface for wiredcommunication with one of the plurality of accessing devices. The devicemay further comprise a socket for receiving the smart card andelectrically coupling the processor and the smart card. The memory cardinterface may enable wireless communication between the card readerdevice and the memory card.

Further embodiments relate to a method of managing communication betweena memory card and a plurality of accessing devices, comprising at leastfirst and second accessing devices, when at least a first secure sessionis established between the memory card and at least the first accessingdevice, respectively, the method comprising: receiving at a card readerdevice in communication with the memory card an open session commandfrom the second accessing device to open a second secure session withthe memory card; determining whether the memory card can support thesecond secure session with the second accessing device; terminating thefirst secure session between the first accessing device and the memorycard in response to a determination that the memory card cannot supportthe second secure session; and opening the second secure session betweenthe second accessing device and the memory card.

The open session command may comprise a MANAGE_CHANNEL command. Themethod may further comprise storing a connection table in a memory ofthe card reader device, the connection table comprising entries for eachsession established between the smart card and a respective accessingdevice. The connection table may include, for each session entry, one ormore channel entries. The determining may comprise determining whethermultiple secure sessions can be supported by the memory card.

The method may further comprise: prior to terminating the first securesession, determining all secure sessions established with the memorycard; and providing a list of accessing devices corresponding to the allsecure sessions to the second accessing device for display to a user ofthe second accessing device; and wherein the first secure session isterminated in response to a command received from the second accessingdevice corresponding to a user selection of the first accessing devicefrom the list.

The method may further comprise controlling the channels that can beopened between the smart card and the plurality of accessing devices sothat the total number of channels is limited to a predetermined number.The terminating may comprise notifying the first accessing device thatthe memory card cannot be accessed by the card reader device. Theterminating may comprise notifying the first accessing device that thememory card has been removed from the card reader device. Computerreadable storage storing program instructions which, when executed by aprocessor on a smart card reader, cause the processor to perform themethods as described above.

Further embodiments relate to a system for managing access to a memorycard by a plurality of accessing devices. The system comprises: a cardreader device having a processor, a wireless communication interfaceresponsive to the processor for communicating with the plurality ofaccessing devices and a memory card interface for enabling communicationbetween the processor and the memory card; at least a first accessingdevice in communication with the card reader device; and a secondaccessing device in communication with the card reader device; wherein,when at least a first secure session is open between the first accessingdevice and the memory card and the card reader device receives an opensession command from the second accessing device, the processor isconfigured to determine whether the memory card can support a secondsecure session simultaneously with the at least first secure sessionand, if the processor determines that the memory card cannotsimultaneously support the first secure session and the second securesession, to terminate the first secure session and to allow the secondaccessing device to open the second secure session between the memorycard and the second accessing device.

The processor may be configured to terminate the first secure session inresponse to a command received from the second accessing devicecorresponding to a user selection on the second accessing device. Thecard reader device may further comprise a memory, the memory storing aconnection table, wherein the connection table comprises entries foreach session established between the smart card and a respectiveaccessing device. The connection table may comprise, for each sessionentry, one or more channel entries. The memory card interface maycomprise a channel manager and the channel manager is configured todetermine whether multiple secure sessions can be supported by thememory card.

The processor may be configured to, prior to terminating the firstsecure session, determine all secure sessions established with thememory card and to provide a list of accessing devices corresponding tothe all secure sessions to the second accessing device for display to auser of the second accessing device. The processor may be configured toterminate the first secure session in response to a command receivedfrom the second accessing device corresponding to a user selection ofthe first accessing device from the list.

The memory card interface may comprise a channel manager, wherein thechannel manager controls the channels that can be opened between thesmart card and the plurality of accessing devices so that the totalnumber of channels is limited to a predetermined number. The processormay be configured to terminate the first open session by notifying thefirst accessing device that the memory card cannot be accessed by thecard reader device. The processor may be configured to terminate thefirst open session by notifying the first accessing device that thememory card has been removed from the card reader device.

The system may further comprise a serial interface for wiredcommunication with one of the plurality of accessing devices. The cardreader device may comprise a socket for receiving the smart card andelectrically coupling the processor and the smart card. The memory cardinterface may enable wireless communication between the card readerdevice and the memory card.

Communication with a smart card during a smart card session is processedon what is referred to as the basic channel. ISO 7816-4, Section 6.16defines the MANAGE_CHANNEL command, which can be used to create up tothree logical channels (in addition to the basic channel) on which tocommunicate with the smart card. Opening a new logical channel allowsthe commands to be processed by the smart card without affecting thesession state of the basic channel or other logical channels.

In the current architecture on the Microsoft Windows™ platform, forexample, the manufacturer of the smart card typically supplies aCryptographic Service Provider (CSP) which is used by the operatingsystem and applications on the PC to communicate with the smart card. Itis the CSP that maintains the long term smart card session. The CSPmanages communication with the smart card through the SCR, ensuring thatresponses are provided to the process that sent the associated command.

FIG. 1 depicts a system 100 for accessing a memory card 120 received by,or otherwise electronically coupled with, a card reader (SCR) 110.System 100 includes multiple computing devices in communication withcard reader 110 over a wireless interface. Such computing devicesinclude one or more wireless-enabled personal computers (PC) 130 and atleast one wireless-enabled mobile device 140. Each of the computingdevices has a wireless transceiver for communicating with card reader110, which also has a wireless transceiver, over a communication link113 or 114. Alternatively, one of the computing devices, such as themobile device 140, may be in communication with card reader 110 via awired connection, such as a universal serial bus (USB) cable. Either orboth of PC 130 and mobile device 140 may be termed an “accessing device”in the context of the described embodiments.

When multiple connections are open between would-be accessing devices(e.g. PC 130 and mobile device 140) and the SCR 110, only one connectioncan have the smart card session at a given time. Since any sessionopened by a PC 130 is likely to be a long term session, otherconnections will not be able to open the session. Using an open channelcommand, such as the MANAGE_CHANNEL command, the SCR 110 can open alogical channel, if one is available, which can be used to send commandsto the memory card 120 for processing, while not affecting thepreviously opened session.

In order to do this, the SCR 110 manages the use of logical channels ina manner that is transparent to the originator of the commands. This mayinvolve, for example, modifying the Class byte (CLA) of the applicationprotocol data unit (APDU), as defined in the ISO 7816 standard, tospecify the correct logical channel. The SCR 110 also ensures thatcommands that affect other channels, such as a card reset command, arenot allowed if received from a connection that uses a logical channelthat the SCR 110 is managing.

The SCR 110 also handles receiving further MANAGE_CHANNEL commands onthe basic channel or a logical channel that it is managing. This mayinvolve opening a new logical channel either on the basic channel or onthe current logical channel, depending on the channel over which thesession request was received, and providing the appropriate feedback tothe accessing device 130, 140 that sent the MANAGE_CHANNEL command.

In order to manage the processing of simultaneous commands from multipleaccessing devices 130, 140, it may be necessary to prioritize commandscoming from specific connections, or even commands themselves. This maybe required to ensure that more urgent operations, such as userauthentication, are not unduly delayed by commands that take longer toprocess, such as importing a certificate. For example, if a PC 130 isimporting certificates from the memory card 120 (which is a relativelylong process), and the mobile device 140 needs to authenticate the userin order to unlock the device, the authentication request from themobile device 140 should be given a higher priority and be processed assoon as a logical channel becomes available.

By default, all commands from the mobile device 140 may be consideredhigher priority than commands from a PC 130, simply because smart cardsessions with mobile device 140 are more likely to be short.Alternatively, commands from the mobile device 140 can be accompanied byan indication of the command type (such as User Authentication or DataSigning, for example) which would allow the SCR 110 to determine whichcommands should have higher priority, for example based on the numberand type of connections open and the number of logical channelsavailable.

The mobile device 140 may be any suitable wirelessly enabled handheldmobile device. The mobile device 140 may be a dual mode (data and voice)communication device and personal digital assistant device, such as isdescribed in further detail below in relation to FIG. 2. Alternatively,the mobile device may be a single mode (data) communication device. Themobile device 140 may be capable of email communication. The user ofmobile device 140 may be required to authenticate itself for use of themobile device 140 by providing a password or a personal identificationnumber (PIN) code, for example to unlock a user interface of mobiledevice 140, to digitally sign a message or to decrypt an encryptedmessage.

Personal computers 130 may be any kind of computer, such as a normaldesktop computer, laptop or other portable or fixed computer systemwhich may require access to memory card 120. While computing devices 130are described as being PCs, it should be understood that they need notbe of a particular type of computer, nor must they be of the same typeor run a particular operating system. While not specifically shown inFIG. 1, each PC 130 is enabled for wireless and/or wired communicationwith card reader 110 in a manner compatible with the communicationcapabilities of card reader 110 described below in relation to FIG. 3.

Although FIG. 1 illustrates more than one PC 130 in communication withcard reader 110 over a wireless link 113, only one such PC 130 may bepresent in system 100. Further, while FIG. 1 does not illustrate acommunication link between mobile device 140 and PC 130, such a link maybe established.

Memory card 120 may be a smart card. Smart cards are personalizedsecurity devices, defined by the ISO 7816-4 standard and itsderivatives, as published by the International Organization forStandardization. A smart card may have a form factor of a credit cardand may include a semiconductor device. The semiconductor device mayinclude a memory that can be programmed with security information, forexample such as a private decryption key, a private signing key,biometrics information or an authentication certificate. Thesemiconductor device may include a decryption engine, such as aprocessor and/or dedicated logic circuitry for performing decryptionand/or authentication functions. The smart card may include a connectorfor powering the semiconductor device and performing serialcommunication with an external device, such as card reader 110.

Smart cards may have exposed contacts on one surface of the card forestablishing electrical contact with corresponding contacts on the cardreader, thereby facilitating communication between the smart card andthe card reader. In one embodiment, memory card 120 and card reader 110use electrical contact to establish communication therebetween. Althoughmemory card 120 may be physically received in card reader 110, it is notessential that card reader 110 physically receive or contact memory card120 in order to establish communication therebetween. For example, insome embodiments, memory card 120 may interface with card reader 110using radio frequency identification (RFID) technology. In suchembodiments, the memory card 120 need only be sufficiently proximate tocard reader 110 to enable radio frequency communication therebetween.

Mobile device 140 may be enabled to communicate with a wireless network150. The wireless network 150 may be implemented as a packet-basedcellular network that includes a number of base stations, each providingwireless Radio Frequency (RF) coverage to a corresponding area or cell.For example, the wireless network 150 could conform to one or more ofthe following, among other network standards: Mobitex Radio Network;DataTAC; Global System for Mobile Communication (GSM); General PacketRadio System (GPRS); Time Division Multiple Access (TDMA); Code DivisionMultiple Access (CDMA); Cellular Digital Packet Data (CDPD); integratedDigital Enhanced Network (iDEN); or various other third generationnetworks such as Enhanced Data rates for GSM Evolution (EDGE) orUniversal Mobile Telecommunications Systems (UMTS).

In some embodiments, instead of, or in addition to, a wireless wide areanetwork, the wireless network 150 may include a wireless local areanetwork, such as, for example, a wireless local area network thatconforms to one or more IEEE 802.11 standards, such as 802.11b, 802.11gand 802.11n. In at least some example embodiments, the wireless network150 is connected, through intermediate communications links (not shown),including, for example, links through the Internet, to one or moreenterprise networks (not shown). Typically, such enterprise networks areeach associated with a set of respective mobile devices 140, such thatthe mobile devices 140 are each enabled to exchange electronic messagesand other information with the enterprise networks with which the mobiledevices 140 are associated.

FIG. 2 illustrates a detailed embodiment of the mobile device 140. Themobile device 140 includes a display sub-system 210 and a wirelessnetwork communication subsystem 212 for two-way communications with thewireless network 150 (FIG. 1). According to one embodiment, thecommunications subsystem 212 includes antennas (not shown), RFtransceivers (not shown) and some signal processing capabilities thatmay be implemented, for example, by a digital signal processor (notshown). The mobile device 140 also includes a controller in the form ofat least one mobile device microprocessor 216 that is suitablyprogrammed to control the overall operation and functions of the mobiledevice 140, which are described in more detail below.

The mobile device 140 includes peripheral devices or subsystems such asa flash memory 218, a random access memory (RAM) 220, an auxiliaryinput/output (I/O) subsystem 222 (e.g., a scroll wheel), a serial port224 (e.g., a Universal Serial Bus, or “USB”, port), an input device 226(e.g., a keyboard or keypad), a speaker 228, a microphone 230, a mobiledevice short-range communications subsystem 232 (e.g., an infraredtransceiver, wireless bus protocol system, such as a Bluetooth™ or othermeans of local wireless communications) and an other device subsystemdesignated generally by reference 234.

The mobile device microprocessor 216 operates under stored programcontrol with code or firmware being stored in the flash memory 218 (orother type of non-volatile memory device or devices). As depicted inFIG. 2, the flash memory 218 includes stored programs (e.g., firmware)including an operating system program or code module 240 and otherprograms or software applications indicated generally by reference 242.The software applications 242 can, for example, include a World Wide Web(WWW) browsing application 244 and an e-mail client application 246.

According to example embodiments, the software applications 242 of themobile device 140 further include a memory card driver 248 that may beused in conjunction with the card reader 110, which is described in moredetail below in connection with FIG. 3. Notably, the memory card driver248 may be provided, not by the manufacturer of the mobile device 140,but, instead, by a third party, i.e., the manufacturer of the memorycard 120. Furthermore, an Application Programming Interface (API) may bebuilt in to the memory card driver 248 to allow the mobile device 140 tocommunicate with the memory card 120 through the card reader 110.

The software applications 242 of the mobile device 140 may furtherinclude a smart card reader (SCR) pairing and security module 250 forcoordinating a pairing process between the mobile device 140 and thecard reader 110. The roles of the memory card driver 248 and the smartcard reader pairing and security module 250 will be described in greaterdetail below. Software applications 242 may further comprise a channelmanager (not shown) for managing communication between multipleapplications on mobile device 140 that have an active session open withmemory card 120 over separate logical channels.

The operating system code 240, code for specific device applications242, code for the WWW browsing application 244, code for the e-mailclient application 246, code for the memory card driver 248, or code forthe smart card reader pairing and security module 250 may be temporarilyloaded into a volatile storage medium such as the RAM 220 duringoperation of the mobile device 140. Received communication signals andother data with information may also be stored in the RAM 220. In someembodiments, the mobile device 140 may include, in addition to theinternal flash memory 218, persistent memory carried on a SIM(Subscriber Identity Module) card, or other removable device, and atleast some of the flash memory 218 may be allocated to the SIM cardflash memory.

The stored program control (i.e., the software applications 242) for themobile device microprocessor 216 also includes a predetermined set ofapplications, code components or software modules that control basicdevice operations, for example, data and voice communicationapplications which are normally installed on the mobile device 140 asthe software applications 242 during the manufacturing process. Furtherapplications may also be loaded (i.e., downloaded) onto the mobiledevice 140 through the operation of networks described above, theauxiliary I/O subsystem 222, the serial port 224 or the mobile deviceshort-range communications subsystem 232. The downloaded code modules orcomponents are then installed by the user (or automatically) in the RAM220 or the non-volatile program memory (e.g., the flash memory 218).

The serial port 224 comprises a USB-type interface port for interfacingor synchronizing with another device, such as a desktop or notebookcomputer (not shown). The serial port 224 is used to set preferencesthrough an external device or software application. The serial port 224is also used to extend the capabilities of the mobile device 140 byproviding for information or software downloads, including userinterface information, to the mobile device 140 other than through awireless communication network. In one embodiment, the serial port 224may be used to communicate with card reader 110.

The mobile device short-range communications subsystem 232 provides aninterface for communication between the mobile device 140 and otherdevices, including the card reader 110, to be described in greaterdetail in connection with FIG. 3, below. For example, the mobile deviceshort-range communications subsystem 232 may employ an infraredcommunication link or channel, or may operate according to a wirelessbus protocol, such as Bluetooth™, or any other localized wireless meansof communication.

FIG. 3 illustrates an example embodiment of the card reader 110, in theexemplary form of a smart card reader. The card reader 110 includes acontroller including at least one smart card reader microprocessor 310,which is suitably programmed to control the overall operation andfunctions of the card reader 110. The card reader 110 also includes anoutput device 312 (e.g., a display module). The card reader 110 furtherincludes peripheral devices or subsystems such as a flash memory 314, arandom access memory (RAM) 316, which, in some embodiments, includes aportion allocated to a data cache, a serial port 318 (e.g., a USB port),a smart card reader short-range communications subsystem 320 (e.g., aninfrared transceiver or a wireless bus protocol system using a protocolsuch as a Bluetooth™), a storage component interface 322 (e.g., for amemory card or any other data storage device) and a pairing-activationinput device 324 (e.g., a push button).

The smart card reader microprocessor 310 operates under stored programcontrol with code or firmware being stored in the flash memory 314 (orother type of non-volatile memory device or devices). As depicted inFIG. 3, the stored programs (e.g., firmware) include an operating systemprogram or code module 326 and other programs or software applicationsindicated generally by reference 328. The operating system 326 of thecard reader 110 further includes a channel manager component 330 and amemory card reader driver component 332.

The channel manager component 330 is responsible for communicating withthe one or more accessing devices 130, 140 and memory card 120 tofacilitate establishment and perpetuation (for as long as required) ofone or more secure sessions between the one or more accessing devices130, 140 and memory card 120. The functions of the channel managercomponent 330 are described in further detail below, with reference toFIGS. 5 and 9.

The memory card reader driver component 332 is responsible forcoordinating communications between the card reader 110 and a memorycard 120 and/or the memory card driver 248 of the mobile device 140 (viawired or wireless communication link 114).

The operating system code 326, code for specific device applications328, code for the channel manager component 330, code for the memorycard reader driver component 332, or code components thereof, may betemporarily loaded into a volatile storage medium such as the RAM 316.Received communication signals and other data may also be stored in theRAM 316. Additionally, the storage component interface 322 receives theremovable memory card 120, providing additional storage space for thecard reader 110.

The memory card 120 has a card driver and controller 338 responsible forcoordinating communications between the memory card 120 and the memorycard reader driver component 332 of the smart card reader 110. Whileoperation of the card reader 110 is described in a context in which thememory card 120 is a smart card, it will be understood by those skilledin the art that the card reader 110 may be designed to operate with anysuitable form of memory device.

The stored program control (i.e., software applications 328) for thesmart card reader microprocessor 310 may include a predetermined set ofapplications, code components or software modules that control basicdevice operations, for example, management and security related controlof the data of the card reader 110, and may be installed on the cardreader 110 as a component of the software applications 328 during themanufacturing process. Further applications may also be loaded (i.e.,downloaded) onto the card reader 110 through the operation of the serialport 318, the smart card reader short-range communications subsystem 320or from the memory card 120. The downloaded code module or componentsare then installed by the user (or automatically) in the RAM 316 ornon-volatile program memory (e.g., the flash memory 314).

While the channel manager component 330 and the memory card readerdriver component 332 are shown to be an integrated portion of theoperating system 326 for security purposes (e.g., individuals must notbe permitted to tamper with the channel manager component 330 or thememory card reader driver component 332), the channel manager component330 and/or the memory card reader driver component 332 could beinstalled as one of the software applications 328, provided thatsuitable security related precautions are taken to ensure that thechannel manager component 330 and the memory card reader drivercomponent 332 cannot be modified or tampered with by unauthorized users.

The serial port 318 may be a USB-type interface port for interfacing orsynchronizing with another device, such as personal computer 130 or themobile device 140. The serial port 318 is used to set preferencesthrough an external device or software application or exchange data witha device, such as the mobile device 140, which data is stored on thememory card 120 that is plugged into the storage component interface 322of the card reader 110. The serial port 318 is also used to extend thecapabilities of the card reader 110 by providing for downloads to thecard reader 110 of information or software, including user interfaceinformation.

The short-range communications subsystem 320 provides an interface forcommunication between the mobile device 140 or PC 130 and the cardreader 110. In some embodiments, the short-range communicationssubsystem 320 employs an infrared communication link or channel. Inother embodiments, the short-range communications subsystem 320 operatesaccording to a wireless RF bus protocol, such as Bluetooth™. However,the short-range communications subsystem 320 may operate according toany suitable local wired or wireless communication protocol, providedthat the short-range communications subsystem 232 (FIG. 2) of the mobiledevice 140 operates using the same protocol, thereby facilitatingwireless communication between the mobile device 140 and the card reader110.

Any communications mechanism and/or protocol may be implemented for theshort-range communications subsystems 232, 320, provided that the mobiledevice 140 and the card reader 110 can communicate with each other whenwithin sufficiently close physical proximity.

Although not shown in FIG. 1 in relation to PC 130, PC 130 comprises asuitable short-range communication subsystem for facilitating wirelesscommunication between PC 130 and card reader 110. The short-rangecommunication subsystem of the PC 130 may operate in a similar manner tothe short-range communication subsystem 232 of the mobile device 140,for example using an infrared communication link or a wireless RF busprotocol such as Bluetooth™. Alternatively, the PC 130 may employ asuitable serial interface for communication with card reader 110, forexample using a USB cable.

Referring now to FIG. 4, there is shown a flowchart of a first method400 for managing communication between memory card 120 and a pluralityof accessing devices, such as at least one PC 130 and at least onemobile device 140. Method 400 assumes that a connection exists between afirst accessing device (eg. PC 130) and card reader 110 and that thefirst accessing device has established a secure session with memory card120 via card reader 110. Method 400 also assumes that a second accessingdevice (eg. mobile device 140) is introduced to system 100 subsequent tothe first accessing device establishing the secure session with memorycard 120.

For purposes of illustration, PC 130 will be used as an example of thefirst accessing device and mobile device 140 will be used as an exampleof the second accessing device in the following description. However, itshould be understood that the PC 130 or mobile device 140 may besubstituted with another form of accessing device. Further, the firstaccessing device may be a mobile device 140 instead of PC 130 and thesecond accessing device may be a PC 130 instead of mobile device 140.

At step 405, mobile device 140 and card reader 110 initiate securingpairing therebetween. Secure pairing of the mobile device 140 and cardreader 110 involves setting up encryption and decryption keys for use incommunicating with each other and then forming the connection for securecommunication. The secure pairing of mobile device 140 and card reader110 may be performed such that they each generate a cryptographic keyfor encrypting communications between mobile device 140 and card reader110. Each such cryptographic key may be formed from separately generatedsymmetric keys K1, K2 and a hash result created by hashing packetscommunicated over communication link 114. Once each cryptographic key isgenerated, the mobile device 140 and card reader 110 become securelypaired and the cryptographic key can be used for encrypted communicationtherebetween.

At step 410, the card reader 110 notifies mobile device 140 of theexisting session between PC 130 and memory card 120. This notificationmay be passive or active. If the notification is active, the card readermay proactively indicate to the mobile device that memory card 120 isalready engaged in a session or if the notification is passive, the cardreader 110 may respond to a power-up command from the mobile device 140to memory card 120 by indicating that a session has already beenestablished.

Steps 405 and 410 may be omitted where mobile device 140 is not newlyintroduced to system 100 and already has information that memory card120 is engaged in a session with another device.

At step 415, once mobile device 140 determines that there is afunctional requirement to open a session with memory card 120, mobiledevice 140 displays an option, for example via a dialog box displayed tothe user by display subsystem 210. The option thus displayed to the useris to disconnect the device currently having the open session withmemory card 120 (which in this case is the PC 130) and thereforeterminate the open session. An option to “cancel” and not terminate theopen session may also be displayed.

At step 420, the user selects one of the options displayed at step 415,for example by providing input to keyboard 226 or to auxiliary I/O 222(eg. using a scroll wheel or a track ball). If the user selects the“cancel” option, method 400 ends at step 425. If the user selects theoption to disconnect the existing session with PC 130, mobile device 140transmits an open session command to card reader 110 over link 114, atstep 430.

At step 435, the card reader 110 receives the open session command frommobile device 140 and is configured to recognize that the commandrequires the existing session to be closed in order for the mobiledevice 140 to open another session with memory card 120. Accordingly,the card reader 110 effectively terminates the session between PC 130and memory card 120. This termination may be performed by notifying thePC 130 that memory card 120 can no longer be accessed by card reader110. This may comprise simulating that memory card 120 has removed fromcard reader 110 or the connection between memory card 120 and cardreader 110 is otherwise broken or interrupted. Upon receipt of such anotification from card reader 110, PC 130 treats the session as havingbeen ended.

Termination of a session between PC 130 and memory card 120 may be madeimmediately, so as to interrupt any data exchange, or may be madesubsequent to completion of a data transfer or other operation.

At step 440, mobile device 140 establishes a session with memory card120 via card reader 110. Mobile device 140 may wait for confirmationfrom card reader 110 that the previous session was terminated or it maynot wait for such confirmation and simply assume that termination hasoccurred.

At step 445, mobile device 140 transmits a close session command to cardreader 110, once mobile device 140 has completed the operation for whichit required the session with memory card 120 to be opened. Card reader110 then terminates the session between memory card 120 and mobiledevice 140.

At step 450, card reader 110 may notify PC 130 that memory card 120 isagain available for opening a new session. As it is common for a PC tomaintain an open session with memory card 120 as long as communicationbetween card reader 110 and PC 130 is established, the PC 130 willusually open a new session with memory card 120, at step 455.

As mobile device 140 is recognized by card reader 110 as being a devicerequiring relatively short sessions with memory card 120, in contrastwith the long sessions opened by PC 130, card reader 110 may beprogrammed to recognize the open session command from mobile device 140as being a command taking priority over the existing session between thememory card 120 and the PC 130. Additionally, one or more othercomputing devices may be recognized as having a relatively higherpriority for creating a session with memory card 120, so that arelatively lower priority device can have a session open, subject to theneeds of the higher priority devices.

Method 400 described in relation to FIG. 4 comprises one example of amethod for managing access to a smart card by multiple accessingdevices. Method 400 represents what is, in effect, a brute force method,in which the pre-existing session between PC 130 and memory card 120 isterminated in order to allow a shorter, higher priority session to beestablished between the mobile device 140 and smart card 120. Incontrast, an alternative method of managing access to memory card 120 isdescribed below, in relation to FIG. 5. This alternative method involvesthe creation of additional logical channels (on top of the basicchannel) over which the newly introduced accessing device (e.g. mobiledevice 140) can communicate with memory card 120. The creation of suchan additional logical channel is facilitated by channel managercomponent 330 on card reader 110.

The channel manager component 330 maintains a connection table in flashmemory 314 or RAM/cache 316, with entries in the table for eachconnection (which may be a securely paired connection) establishedbetween the memory card 120 and a respective accessing device 130, 140.The connection table may also comprise entries for securely pairedconnections between card reader 110 and accessing device 130, 140 whereno session is currently established with memory card 120 for thataccessing device 130, 140.

For each connection entry in the connection table, there may be one ormore channel entries. For example, where PC 130 has a sessionestablished with memory card 120 by the CSP over the basic channel, theconnection table will have a connection entry for PC 130 and a channelentry for the basic channel associated with that session. If PC 130opens a logical channel with memory card 120, for example where afurther application on PC 130 needs to access memory card 120, then afurther channel entry will be created in the connection table associatedwith the connection for PC 130. Additionally, the number of the logicalchannel is recorded in the connection table. In this example, the basicchannel is number 0 and the new logical channel may be channel 1.

Building on the above example, suppose mobile device 140 establishes asecurely paired connection with card reader 110 and attempts toestablish a session with memory card 120. In this case, the channelmanager component 330 will issue a MANAGE_CHANNEL command to memory card120, which will then create a new logical channel over which mobiledevice 140 can securely communicate with memory card 120. The newlyestablished connection between mobile device 140 and card reader 110 isrecorded in the connection table, together with the logical channelassigned to the session between mobile device 140 and memory card 120.

As the establishment of the logical channel is transparent to mobiledevice 140 (because card reader 110 does not make mobile device 140aware of the pre-existing session that PC 130 has established withmemory card 120 over the basic channel), mobile device 140 attempts tocommunicate with memory card 120 over the basic channel. Thus, the APDUstransmitted from mobile device 140 to memory card 120 (via card reader110) are modified by channel manager component 330 so as to appear tohave been transmitted on the assigned logical channel for the sessionwith mobile device 140. This may be done by modifying the class byte ofeach APDU from mobile device 140 so as to change the channel identifierin that byte, for example from 0 (the basic channel) to 2 (the assignedlogical channel). The connection table is used by channel managercomponent 330 to ensure appropriate modification of the class bytes sothat they appear to have been received over the assigned logicalchannel.

If another application on mobile device 140 then seeks to communicatewith memory card 120, the channel manager on mobile device 140 may thensend a further session request to card reader 110. Card reader 110 thentransmits a further MANAGE_CHANNEL command to memory card 120 to open afurther logical channel. Memory card 120, in this example, will assignthe fourth (and last available) channel, which is channel number 3, tothe new session with the further application on mobile device 140.Memory card 120 notifies card reader 110 that channel 3 has beenassigned for the new session established with mobile device 140, andcard reader 110 in turn notifies mobile device 140 of this assignment.

The assignment of the new logical channel for the application on mobiledevice 140 is not transparent to mobile device 140 because the channelmanager of mobile device 140 is already aware of the session establishedover channel 2, which it assumes is the basic channel (channel 0). Thus,the channel manager of mobile device 140 is expecting to receive alogical channel assignment for the second session that it has sought toestablish with memory card 120.

Under the above-described scenario, the connection table would have twoconnection entries, one for PC 130 and one for mobile device 140. Theconnection entry for PC 130 would indicate that channels 0 and 1 areassigned to the connection with PC 130, while the connection entry formobile device 140 would indicate that channels 2 and 3 are assigned tomobile device 140. Channel manager component 330 also includes a mappingreference for each assigned channel in order to indicate how theincoming APDUs need to be modified. For example, when mobile device 140transmits APDUs over what it assumes is the basic channel, a mapping ofchannel 0 to channel 2 is performed by channel manager component 330 incard reader 110 according to the relevant channel entry in theconnection table. Table 1 below is an example connection table,depicting the recorded connection and channel entries (plus mapping, ifrelevant) for the above-described example.

TABLE 1 Connection Table Connection Channel PC 130 0 1 Mobile Device 1402 (map 0 to 2) 3

Referring now to FIG. 5, a method 500 of managing access to memory card120 is described in further detail. Method 500 begins at step 510, atwhich an accessing device, for example either PC 130 or mobile device140, requests a session with memory card 120. This session request maybe in the form of a cold reset or a warm reset, depending on whethermemory card 120 is in a powered-down or powered-up state, respectively.

The channel manager component 330 of SCR 110 receives the sessionrequest and, at step 515, checks the connection table stored in flashmemory 314 or RAM/cache 316 to determine which channels, if any, areavailable to establish a session with memory card 120. If, at step 520,channel manager component 330 determines that the basic channel is notin use, then at step 525, channel manager component 330 causes memorycard 120 to open a session with accessing device 130 or 140 on the basicchannel and updates the connection table accordingly.

If, at step 520, channel manager component 330 determines that the basicchannel is already in use, then at step 530, channel manager component330 determines from the connection table whether a logical channel isavailable for the requested session. If no logical channel is available,for example because the maximum number of possible logical channels arealready in use, SCR 110 may notify the accessing device 130 or 140 atstep 535 that no channel is available. Alternatively, the SCR 110 mayprovide a list of all accessing devices connected to memory card 120 andhaving a secure session therewith to enable user-selection of one suchsecure session for termination, as described below with reference toFIGS. 7 to 10.

If, at step 530, it is determined that a logical channel is availablefor the requested session, SCR 110 issues an open channel command, suchas a MANAGE_CHANNEL command, to memory card 120, at step 540. Memorycard 120 then assigns a logical channel to the accessing device 130 or140 requesting the new session, at step 545. If the session request wasmade over a pre-existing logical channel, the assigned logical channelis communicated to SCR 110 from memory card 120, and then in turn toaccessing device 130 or 140. Otherwise, the assigned channel number isnot communicated to the accessing device 130 or 140 as the accessingdevice 130 or 140 assumes that it is communicating with the memory card120 over the basic channel.

At step 550, the accessing device 130 or 140 proceeds to communicatewith memory card 120 in order to achieve its desired purpose, such asauthentication or data signing. Such communication will usually includetransmission of one or more APDUs according to the ISO 7816-4 standard.

If the channel assigned to the session requested by the accessing device130 or 140 is different from the channel that the accessing device 130or 140 assumes it has been assigned, then mapping of the assumed channelto the assigned channel is required. This is described in further detailbelow, with reference to FIG. 6.

Once accessing device 130 or 140 has communicated with memory card 120to achieve its desired purpose, then at step 555, the accessing device130 or 140 may close the session with memory card 120. This may be doneby issuing an appropriate command to SCR 110, which in turn issues anappropriate end session command to memory card 120, indicating thechannel on which the session was opened. Memory card 120 then closes thesession for that channel and channel manager component 330 updates theconnection table to remove the channel entry corresponding to the closedchannel from the relevant connection entry. This close functionexplicitly closes a logical channel other than the basic channel. Theclosed logical channel is then available for reuse.

If the channel sought to be closed is the basic channel, this maynecessitate closing of the logical channels also. In this case, thechannel manager component 330 may facilitate re-establishment of thesessions that were open on the logical channels and that were forced toclose. For example, one of the previously open sessions on a logicalchannel may be re-opened on the basic channel and the other sessions maybe re-opened on newly re-established logical channels, based on theconnections and channels recorded in the connection table.

Method 500 may be performed repeatedly over time, according to theaccess needs of the various accessing devices that establish connectionswith SCR 110. Such repeated performance need not necessarily includestep 555 unless memory card 120 has reached its maximum number oflogical channel assignments.

Referring now to FIG. 6, a method 600 of mapping an assumed channel toan assigned channel is described in further detail. Method 600 assumesthat a session between an accessing device 130 or 140 and memory card120 has been established.

Method 600 begins at step 610, at which SCR 110 receives an APDU fromaccessing device 130 or 140. Channel manager component 330 determinesthe connection over which the APDU was received and the channel overwhich the APDU was intended by accessing device 130 or 140 to beprovided to memory card 120. The channel manager component 330determines the intended channel number by inspecting the relevant bitsin the class byte of the APDU. The channel manager component 330 thenchecks the connection table at step 620 and compares the intendedchannel with the assigned channel.

The channel manager component 330 determines whether any mapping of thechannel number is required, at step 630. If the intended channel is thesame as the assigned channel, then the intended channel is correct andno mapping is required. If the intended channel is different from theassigned channel, then it is considered to be an assumed channel andmust be mapped to the assigned channel according to a mapping previouslydetermined by the channel manager component 330 and recorded in theconnection table.

If the channel of the APDU is required to be mapped from an assumedchannel to an assigned channel, then at step 640 the channel managercomponent 330 modifies the relevant bits in the class byte of the APDUaccording to the mapping specified in the connection table.

At step 650, if no channel mapping is required or if the APDU has beenmodified according to the required mapping, the APDU is then passed tomemory card 120 for processing. For responses from the memory card 120that are sent back to the accessing device 130 or 140, an inversemapping process may be employed, as necessary.

Referring now to FIG. 7, a further method 700 of managing access tomemory card 120 by multiple accessing devices 130, 140 is described.Method 700 assumes that a connection exists between a first accessingdevice (e.g. PC 130) and card reader 110 and that the first accessingdevice has established a secure session with memory card 120 via cardreader 110. Depending on whether memory card 120 supports creation oflogical channels in addition to the basic channel, further securesessions may be established between the memory card 120 and the firstaccessing device (for example, where more than one application on thefirst accessing device requests a secure session) or with otheraccessing devices. Method 700 also assumes that a second accessingdevice (e.g. mobile device 140) is introduced to system 100 subsequentto the first accessing device establishing the secure session withmemory card 120.

For purposes of illustration, PC 130 will be used as an example of thefirst accessing device and mobile device 140 will be used as an exampleof the second accessing device in the following description. However, itshould be understood that the PC 130 or mobile device 140 may besubstituted with another form of accessing device. Further, the firstaccessing device may be a mobile device 140 instead of PC 130 and thesecond accessing device may be a PC 130 instead of mobile device 140.

Method 700 also assumes that secure pairing has been initiated betweenmobile device 140 and card reader 110, in the manner described above inrelation to step 405. Method 700 begins at step 705, at which mobiledevice 140, as one example of the second accessing device, requests asession with memory card 120. This session request may be in the form ofa cold reset or a warm reset, depending on whether the memory card 120is in a powered-down or powered-up state, respectively. The sessionrequest may be any form of communication from the accessing device tothe card reader 110 that indicates that the accessing device may wish toestablish a secure session with memory card 120, regardless of whethersuch communication is in the form of an explicit session request. Forexample, the communication may be of a form such as to imply a sessionrequest, such as by requesting memory card 120 to provide its Answer ToReset (ATR) or by transmitting a command APDU to memory card 120.

Following receipt of the express or implied session request at step 705,channel manager component 330 checks, at step 710, whether channelmanagement (i.e. support for multiple logical channels in addition tothe basic channel) is supported by the memory card 120. Channel managercomponent 330 does this by checking a stored Boolean channel managementvalue indicative of whether channel management is supported or not. Ifno such channel management value is stored, then channel managercomponent 330 executes a sub-process at step 715 to determine whetherchannel management is supported. This sub-process is described infurther detail below in relation to FIG. 8.

If the channel management value indicates at step 710 that channelmanagement is not supported, then, at step 720, channel managercomponent 330 checks whether the basic channel is available. If thebasic channel is available, for example where the first accessing devicehas just ended its session, then at step 725, the second accessingdevice is allowed to open a secure session on the basic channel.

If the channel management value indicates that channel management issupported, then at step 730 channel management component 330 checks theconnection table to determine whether a logical channel is available. Ifno logical channel is available, then at step 735, the channel managercomponent 330 sends the second accessing device a list of connecteddevices that have a secure session established with memory card 120.This list is generated based on the connection entries in the connectiontable for which there is also a session entry. Step 735 mayalternatively be performed if, at step 720, channel manager component330 determines that the basic channel is not available. The list sent tothe second accessing device at step 735 may contain only a singledevice, for example where a single device has monopolized all (single ormultiple) sessions allowed by memory card 120.

In response to receipt of the list transmitted by card reader 110 atstep 735, the second accessing device (mobile device 140) provides adisplay window 1000 to the user on display subsystem 210 that containsthe list of the connected devices. An example of such a display window1000 is shown and described in further detail in relation to FIG. 10. Atstep 740, display window 1000 provides a prompt to the user to selectone of the listed devices for disconnection or to cancel the sessionrequest.

At step 745, channel manager component 330 waits for receipt of acommand from the mobile device 140 corresponding to selection of one ofthe listed devices to be disconnected. If the user elects to “cancel”,mobile device 140 cancels the issued session request at step 750 bysimulating a condition in which the memory card 120 has becomeinaccessible, for example by simulating a card removal. If the “cancel”option is selected by the user, the channel manager component 330 is notnotified as it is not required to take any action in response.Alternatively, mobile device 140 may notify the channel managercomponent 330 if the “cancel” option is selected

If at step 745 the command received from mobile device 140 correspondsto selection of a particular device for disconnection, then at step 755,SCR 110 causes the secure session that the relevant device has withmemory card 120 to be terminated. In so doing, SCR 110 may notify thedevice that the memory card 120 has become inaccessible, for example dueto a card removal. The command issued by mobile device 140 to SCR 110 toterminate another device's session may include a command APDU to beprovided to the memory card 120, assuming that a secure session cansubsequently be established between the memory card 120 and mobiledevice 140. This way, if the mobile device 140 can establish a securesession with memory card, the SCR 110 can immediately provide thecommand APDU to memory card 120. Otherwise, the SCR 110 may inform themobile device 140 that the session has been established and then wait toreceive the first command to send to the memory card 120.

Following termination of the session at step 755, step 730 is thenperformed again, in order to determine that a logical channel isavailable by which the second accessing device can establish a securesession with memory card 120. This check is performed again in caseanother accessing device has taken the logical channel that becameavailable immediately following performance of step 755.

Where a logical channel is determined to be available at step 730, thenat step 760, the SCR 110 issues an open channel command to memory card120 to enable mobile device 140 to establish a secure session withmemory card 120. Memory card 120 then assigns a logical channel to themobile device at step 765. At step 770, the mobile device communicateswith the memory card 120 to accomplish its desired function and, once itis finished, mobile device 140 and SCR 110 cooperate to close thesession at step 775.

Where a logical channel becomes available (step 730) or is assigned(step 765) or closed (step 775), the connection table is updatedaccordingly. Following steps 725 or 775, steps 705 to 775 are repeatedas necessary for any subsequent session request from an accessingdevice.

Method 700 assumes that if channel management is supported by memorycard 120, then only logical channels will be assigned for securesessions. However, in alternative embodiments, the basic channel may beused in addition to the logical channels for creation of securesessions. In such embodiments, step 730 comprises checking foravailability of the basic channel as well as any logical channel.

Referring now to FIG. 8, subprocess 715 is described in further detail.Subprocess 715 begins at step 805, at which the SCR 110 opens a sessionwith memory card 120 on the basic channel and, at step 810, retrievesthe ATR from memory card 120.

Once the SCR 110 retrieves the ATR, it checks, at step 815, whether theATR indicates that channel management is supported by the memory card120. This may be done, for example, by checking a certain portion of theATR and comparing it with data for other ATR's associated with memorycards that are known to either support or not support channelmanagement. If, at step 815, the data in the ATR indicates that channelmanagement is supported, then at step 820, the SCR 110 records thatchannel management is supported by memory card 120 by setting a booleanchannel management value to true.

If the ATR does not indicate that channel management is supported, thenat step 825, SCR 110 checks whether the ATR indicates that channelmanagement is not supported. If channel management is not supported,then at step 830, SCR 110 records that channel management is notsupported by setting the channel management value to false.

If the ATR does not indicate that channel management is not supported,then at step 835, the SCR 110 tests the memory card 120 for channelmanagement support by attempting to establish a logical channel withmemory card 120 by transmitting a MANAGE_CHANNEL command.

At step 840, SCR 110 checks whether a logical channel has beenestablished at 835, for example, by checking for an acknowledgment (thatmay include a channel assignment) or an error message in response. Ifthe SCR 110 determines at step 840 that it was unable to establish alogical channel, then SCR 110 performs step 830 to record that channelmanagement is not supported. On the other hand, if at step 840 the SCR110 can confirm that a logical channel was established with memory card120 in response to the MANAGE_CHANNEL command, then SCR 110 concludesthat channel management is supported, proceeds to close the logicalchannel at step 845 (as it is no longer required) and performs step 820to record that channel management is supported.

Referring now to FIG. 9, a further method 900 of managing access to asmart card is described. Method 900 is similar to method 700, exceptthat it does not check whether channel management is supported, nor doesit distinguish between the basic channel and a logical channel whenchecking whether a channel is available. Method 900 assumes that theaccessing device 130, 140 has sent a session request on afire-and-forget basis (i.e., without requiring information as to thesession status or an acknowledgement of the session request). In thiscase, the accessing device 130,140 assumes that a secure session hasbeen established with memory card 120 via SCR 110 in response to thesession request and proceeds to transmit a command APDU or a request forthe ATR of memory card 120 (if it did not already cache the ATR) to SCR110, at step 905.

Once SCR 110 receives the command APDU or ATR request, then at step 910,the SCR 110 checks the connection table to determine whether theaccessing device 130,140 has a secure session open with memory card 120.If a session is already open, then at step 925, the SCR 110 simply sendsthe command APDU to memory card 120 or sends the ATR retrieved frommemory card 120 to accessing device 130,140.

If at step 910 SCR 110 determines that a session is not yet open betweenthe accessing device 130,140 and the memory card 120, then at step 915SCR 110 determines whether a channel (basic or logical) is available toestablish a secure session. If a channel is available, then at step 920,SCR 110 opens a secure session with memory card 120 for accessing device130,140 on the available channel. Where channel management is notsupported by memory card 120, the only such available channel would bethe basic channel. Where channel management is supported, a channel maybe available if the basic channel and the maximum permitted number oflogical channels are not already in use by other accessing devices 130or 140.

Where SCR 110 determines at step 915 that a channel is not available,then at step 930 SCR 110 checks the connection table (if channelmanagement is supported) and sends to the accessing device 130, 140 thenames of the connected devices for which secure sessions have beenestablished with memory card 120. For some embodiments, if channelmanagement is not supported, then the connection table is not created totrack the multiple connections and sessions. In such embodiments, theSCR 110 only needs to provide a one-member list of connected devices tothe accessing device 130, 140, at step 930.

In response to receipt of the list of connected devices, the accessingdevice 130, 140 prompts the user to select a device to terminate itssession, at step 935. This prompt is made by way of a display window1000, as shown in FIG. 10, displaying the connected devices by devicename as an itemized list 1030. From display window 1000, the user hasthe option to select one of the listed devices or to not select any ofthe listed devices, thereby canceling the session request.

At step 940, SCR 110 awaits receipt of a command or other form ofcommunication from accessing device 130, 140 corresponding to a userselection of one of the listed devices or, optionally, cancellation ofthe session request. If the user has elected to cancel the sessionrequest, then at step 945, accessing device 130, 140 simulates a cardremoval or other status descriptor indicating that the memory card 120is inaccessible to SCR 110. If SCR 110 receives a response fromaccessing device 130, 140 that indicates that the user has not selectedone of the listed devices and instead has opted to cancel the sessionrequest, then at step 945 SCR 110 takes no further action and does notupdate the connection table.

If the command or other communication received by SCR 110 at step 940corresponds to user selection of one of the listed devices, then at step950 SCR 110 co-operates with memory card 120 to terminate the securesession of the selected device. SCR 110 notifies the selected device ofthe termination of the session, for example, by simulating a cardremoval or other status indicative of the memory card 120 beinginaccessible. Following step 950, SCR 110 again performs step 915 tocheck whether a channel is available, just in case another accessingdevice may have opened a session on the channel as soon as it becameavailable. Assuming that a channel is available as a result of thesession termination at step 950, the accessing device 130, 140 will beallowed to open a secure session on the available channel at step 920and the original APDU will be sent to the memory card 120 at step 925,if applicable.

If SCR 110 stores a connection table, then following the change insession status at step 920 or 950, the connection table is updated toreflect the termination of one or more channels associated with onedevice and creation of a new session on a newly available channel by theaccessing device 130, 140, as appropriate.

Referring now to FIG. 10, there is shown an example screen shot of auser selection window comprising display window 1000. Display window1000 may comprise a title or banner 1010 at the top, includingdescriptive title text, such as “smart card busy”, indicative of thestatus that has given rise to the user input prompt at step 740 or 935.Further descriptive text 1020 is provided beneath the banner 1010 toexplain the reason for the appearance of the display window 1000. Forexample, such descriptive text may be “The maximum number of devices arecurrently communicating with the smart card. Which device would you liketo disconnect?”

The display window 1000 further comprises a list 1030 of devicesindicated by SCR 110 to currently have secure sessions established withmemory card 120. List 1030 may comprise only a single device or maycontain as many different devices as the number of channels that memorycard 120 can support, such as four. As shown in FIG. 10, list 1030comprises two devices: “Fred's Laptop” and “Fred's Desktop PC”. Where amobile device 140 is attempting to establish a secure session, themobile device 140 is not displayed in list 1030 because a session hasnot yet been established for it.

In response to display window 1000 being displayed, the user may selectone of the devices in list 1030 using an appropriate user inputcomponent on accessing device 130, 140. The user may then click an “OK”button 1040 to cause accessing device 130, 140 to send a command orother communication to SCR 110, indicating that the user would like toterminate the session of the device selected from list 1030. Button 1040may comprise text other than “OK” such as “disconnect”, for example.

If the user elects not to terminate the session of one of the devices inlist 1030, then the user may select a “cancel” button 1050. In responseto selection of button 1050, accessing device 130,140 treats the memorycard 120 as being inaccessible, for example, by simulating a cardremoval. The accessing device 130, 140 may also communicate with SCR 110to indicate that the session request has been cancelled.

Display window 1000 further comprises a toggling option, for example, inthe form of a checkbox, to allow the user to set a preference inrelation to further display of display window 1000. Toggling option 1060may be accompanied by text such as “don't ask again if only one deviceconnected.” Toggling option 1060, if selected (i.e., turned on) and the“OK” button 1040 is selected, will cause automatic termination of anexisting session where there is only one device using the session. Thismay avoid unnecessary user interaction where the memory card 120 doesnot support channel management, for example. If the user turns ontoggling option 1060, then, in subsequent performance of method 700 or900, steps 735 to 750 and 930 to 945 would not be performed, insteadproceeding directly to termination of the session of the singleconnected device at step 755 or 950, respectively.

Display window 1000 may be maintained or cancelled dynamically,according to the availability (or lack thereof of a channel on which theaccessing device 130, 140 can establish the session. Thus, if one of thesecure sessions is ended while display window 1000 is displayed on theuser interface of accessing device 130, 140, channel manager component330 will automatically attempt to establish a secure session with thememory card 120 for the accessing device 130, 140 and will notify theaccessing device 130, 140 accordingly. Alternatively, instead of thechannel manager component 330 automatically trying to establish a securesession between mobile device 140 and memory card 120, channel managercomponent 330 may simply notify all devices connected to SCR 110 that asession may now be established with memory card 120 and then let aspecific accessing device 130, 140 make an explicit session request. Ifthe display window 1000 is no longer necessary, for example because alogical channel has become available, accessing device 130, 140 ceasesdisplaying display window 1000.

Further, where the user selects a device from list 1030 for sessiontermination but the session cannot be closed (eg. because the device isno longer connected to SCR 110) or the terminated session is taken byanother accessing device, display window 1000 will continue to appear toenable the user to select another device for session termination. Thus,while display window 1000 continues to be displayed, list 1030 willcontinue to be updated (via communication between channel managercomponent 330 and accessing device 130, 140) to reflect changes in theconnection and/or session status of devices connected to memory card120.

It should be understood that variations and modifications can be made tothe embodiments described and illustrated herein without departing fromthe spirit of the described embodiments, the general scope of which isdefined in the appended claims.

1. A card reader device for managing access to a memory card by aplurality of accessing devices, the card reader device comprising: aprocessor; a wireless communication interface responsive to theprocessor for communicating with the plurality of accessing devices; anda memory card interface for enabling communication between the processorand the memory card; wherein, when at least a first secure session isopen between at least a first accessing device and the memory card, andthe card reader device receives an open session command from a secondaccessing device, the processor is configured: to determine whether thememory card is configured to support a second secure sessioncontemporaneously with at least the first secure session, to terminatethe first secure session if the processor determines that the memorycard is not configured to support the second secure sessioncontemporaneously with at least the first secure session, and to allowthe second accessing device to open the second secure session betweenthe memory card and the second accessing device.
 2. The device of claim1, wherein the open session command comprises a MANAGE_CHANNEL command.3. The device of claim 1, wherein the processor is configured totransmit a MANAGE_CHANNEL command to the memory card to open the secondsecure session.
 4. The device of claim 1, further comprising a memory,the memory storing a connection table, wherein the connection tablecomprises entries for each session established between the memory cardand a respective accessing device.
 5. The device of claim 4, wherein theconnection table comprises, for each session entry, one or more channelentries.
 6. The device of claim 1, wherein the memory card interfacecomprises a channel manager and the channel manager is configured todetermine whether multiple secure sessions can be supported by thememory card.
 7. The device of claim 1, wherein the processor is furtherconfigured to, prior to terminating the first secure session: determineall secure sessions established with the memory card, and provide a listof accessing devices corresponding to the all secure sessions to thesecond accessing device for display to a user of the second accessingdevice.
 8. The device of claim 7, wherein the processor is furtherconfigured to terminate the first secure session in response to acommand received from the second accessing device corresponding to auser selection of the first accessing device from the list.
 9. Thedevice of claim 1, wherein the memory card interface comprises a channelmanager and the channel manager controls the channels that can be openedbetween the memory card and the plurality of accessing devices so that atotal number of channels is limited to a predetermined number.
 10. Thedevice of claim 1, wherein the plurality of accessing devices comprisesone or more additional accessing devices each having a secure sessionestablished with the memory card.
 11. The device of claim 1, wherein theprocessor is configured to terminate the first secure session bynotifying the first accessing device that the memory card cannot beaccessed by the card reader device.
 12. The device of claim 1, whereinthe processor is configured to terminate the first secure session bynotifying the first accessing device that the memory card has beenremoved from the card reader device.
 13. The device of claim 1, furthercomprising a serial interface for wired communication with one of theplurality of accessing devices.
 14. The device of claim 1, furthercomprising a socket for receiving the memory card and electricallycoupling the processor and the memory card.
 15. The device of claim 1,wherein the memory card interface enables wireless communication betweenthe card reader device and the memory card.
 16. A method of managingcommunication between a memory card and a plurality of accessing devicescomprising at least first and second accessing devices when at least afirst secure session is established, the first secure session beingestablished between the memory card and the first accessing device, themethod comprising: receiving at a card reader device in communicationwith the memory card an open session command from the second accessingdevice to open a second secure session with the memory card; determiningwhether the memory card is configured to support the second securesession with the second accessing device contemporaneously with at leastthe first secure session; terminating the first secure session betweenthe first accessing device and the memory card if it is determined thatthe memory card is not configured to support the second secure sessioncontemporaneously with at least the first secure session; and openingthe second secure session between the second accessing device and thememory card.
 17. The method of claim 16, wherein the open sessioncommand comprises a MANAGE_CHANNEL command.
 18. The method of claim 16,wherein opening the second secure session comprises transmitting aMANAGE_CHANNEL command from the card reader device to the memory card.19. The method of claim 16, further comprising storing a connectiontable in a memory of the card reader device, the connection tablecomprising entries for each session established between the memory cardand a respective accessing device.
 20. The method of claim 19, whereinthe connection table comprises, for each session entry, one or morechannel entries.
 21. The method of claim 16, wherein the determiningcomprises determining whether multiple secure sessions can be supportedby the memory card.
 22. The method of claim 16, further comprising:prior to terminating the first secure session, determining all securesessions established with the memory card; and providing a list ofaccessing devices corresponding to the all secure sessions to the secondaccessing device for display to a user of the second accessing device;and wherein the first secure session is terminated in response to acommand received from the second accessing device corresponding to auser selection of the first accessing device from the list.
 23. Themethod of claim 16, further comprising controlling the channels that canbe opened between the memory card and the plurality of accessing devicesso that a total number of channels is limited to a predetermined number.24. The method of claim 16, wherein the terminating comprises notifyingthe first accessing device that the memory card cannot be accessed bythe card reader device.
 25. The method of claim 16, wherein theterminating comprises notifying the first accessing device that thememory card has been removed from the card reader device.
 26. The methodof claim 16, wherein the plurality of accessing devices comprises one ormore additional accessing devices each having a secure sessionestablished with the memory card.
 27. Computer readable storage storingprogram instructions which, when executed by a processor on a smart cardreader, cause the processor to perform a method of managingcommunication between a memory card and a plurality of accessing devicescomprising at least first and second accessing devices when at least afirst secure session is established, the first secure session beingestablished between the memory card and the first accessing device, themethod comprising: receiving at the card reader device in communicationwith the memory card an open session command from the second accessingdevice to open a second secure session with the memory card; determiningwhether the memory card is configured to support the second securesession with the second accessing device contemporaneously with at leastthe first secure session; terminating the first secure session betweenthe first accessing device and the memory card if it is determined thatthe memory card is not configured to support the second secure sessioncontemporaneously with at least the first secure session; and openingthe second secure session between the second accessing device and thememory card.
 28. A system for managing access to a memory card by aplurality of accessing devices, the system comprising: a card readerdevice having a processor, a wireless communication interface responsiveto the processor for communicating with the plurality of accessingdevices, and a memory card interface for enabling communication betweenthe processor and the memory card; at least a first accessing device incommunication with the card reader device; and a second accessing devicein communication with the card reader device; wherein, when at least afirst secure session is open between the first accessing device and thememory card and the card reader device receives an open session commandfrom the second accessing device, the processor is configured: todetermine whether the memory card is configured to support a secondsecure session contemporaneously with the at least first secure session,to terminate the first secure session if the processor determines thatthe memory card is not configured to support the second secure sessioncontemporaneously with at least the first secure session, and to allowthe second accessing device to open the second secure session betweenthe memory card and the second accessing device.